Github.Com Containers Podman V2 vulnerabilities
4 known vulnerabilities affecting github.com/containers_podman_v2.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2024-9407 | MEDIUM | ≥ 0, < 5.2.4 | 2024-10-01
CVE-2024-9407 [MEDIUM] CWE-20 Improper Input Validation in Buildah and Podman
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases,
ghsa, osv
CVE-2024-3056 | HIGH | ≥ 0, ≤ 5.2.0 | 2024-08-02
CVE-2024-3056 [HIGH] CWE-400 Podman vulnerable to memory-based denial of service
A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's
ghsa, osv
CVE-2020-14370 | MEDIUM | ≥ 0, < 2.0.5 | 2024-04-24
CVE-2020-14370 [MEDIUM] CWE-200 Information disclosure in podman
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw t
ghsa, osv
CVE-2020-1726 | MEDIUM | ≥ 0, < 2.0.6 | 2022-05-24
CVE-2020-1726 [MEDIUM] CWE-552 Podman has Files or Directories Accessible to External Parties
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and ov
ghsa, osv